diff --git a/bls-keystore/build.gradle b/bls-keystore/build.gradle
index 8e55105f..69fa6ff7 100644
--- a/bls-keystore/build.gradle
+++ b/bls-keystore/build.gradle
@@ -21,7 +21,6 @@ jar {
 }
 dependencies {
- implementation 'tech.pegasys.teku.internal:bls'
 implementation 'com.fasterxml.jackson.core:jackson-databind'
 implementation 'org.bouncycastle:bcprov-jdk15on'
 implementation 'com.google.guava:guava'
diff --git a/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java b/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java
index ab9c942c..5e01b2fc 100644
--- a/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java
+++ b/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java
@@ -18,8 +18,6 @@
 import static org.apache.tuweni.bytes.Bytes.concatenate;
 import static org.apache.tuweni.crypto.Hash.sha2_256;
-import tech.pegasys.artemis.util.mikuli.PublicKey;
-import tech.pegasys.artemis.util.mikuli.SecretKey;
 import tech.pegasys.signers.bls.keystore.model.Checksum;
 import tech.pegasys.signers.bls.keystore.model.Cipher;
 import tech.pegasys.signers.bls.keystore.model.Crypto;
@@ -33,7 +31,6 @@
 import javax.crypto.spec.SecretKeySpec;
 import org.apache.tuweni.bytes.Bytes;
-import org.apache.tuweni.bytes.Bytes48;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 /**
@@ -47,7 +44,9 @@ public class KeyStore {
 /**
 * Encrypt the given BLS12-381 key with specified password.
 *
- * @param blsPrivateKey BLS12-381 private key in Bytes
+ * @param blsPrivateKey BLS12-381 private key in Bytes to encrypt. It is not validated to be a
+ * valid BLS12-381 key.
+ * @param blsPublicKey BLS12-381 public key in Bytes. It is not validated and stored as it is.
 * @param password The password to use for encryption
 * @param path Path as defined in EIP-2334. Can be empty String.
 * @param kdfParam crypto function such as scrypt or PBKDF2 and related parameters such as dklen,
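Review bot: The new `@param blsPublicKey` line in the `encrypt` Javadoc does not state which encoding is expected, nor that nothing ties the value to `blsPrivateKey`. The code this commit removes produced the stored value with `toBytesCompressed()`, so keystores written before this change hold the compressed form; I would say so, e.g. `@param blsPublicKey BLS12-381 public key in compressed form; stored as given, so the caller must ensure it corresponds to blsPrivateKey`. The Javadoc block is closed in the next hunk and the remaining `@param` lines lie outside this one.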
@@ -58,12 +57,14 @@ public class KeyStore {
 */
 public static KeyStoreData encrypt(
 final Bytes blsPrivateKey,
+ final Bytes blsPublicKey,
 final String password,
 final String path,
 final KdfParam kdfParam,
 final Cipher cipher) {
 checkNotNull(blsPrivateKey, "PrivateKey cannot be null");
+ checkNotNull(blsPublicKey, "PublicKey cannot be null");
 checkNotNull(password, "Password cannot be null");
 checkNotNull(path, "Path cannot be null");
 checkNotNull(kdfParam, "KDFParam cannot be null");
@@ -73,9 +74,7 @@ public static KeyStoreData encrypt(
 cipher.validate();
 final Crypto crypto = encryptUsingCipherFunction(blsPrivateKey, password, kdfParam, cipher);
- final Bytes pubKey =
- new PublicKey(SecretKey.fromBytes(Bytes48.leftPad(blsPrivateKey))).toBytesCompressed();
- return new KeyStoreData(crypto, pubKey, path);
+ return new KeyStoreData(crypto, blsPublicKey, path);
 }
 private static Crypto encryptUsingCipherFunction(
diff --git a/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java b/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java
index 59fbaaf4..7354e22b 100644
--- a/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java
+++ b/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java
@@ -124,7 +124,7 @@ private KeyStoreData loadKeyStoreFromResource(final String resourcePath) {
 void encryptWithKdfAndCipherFunction(
 final KdfParam kdfParam, final Bytes expectedChecksum, final Bytes encryptedCipherMessage) {
 final KeyStoreData keyStoreData =
- KeyStore.encrypt(BLS_PRIVATE_KEY, PASSWORD, "", kdfParam, CIPHER);
+ KeyStore.encrypt(BLS_PRIVATE_KEY, BLS_PUB_KEY, PASSWORD, "", kdfParam, CIPHER);
 assertThat(keyStoreData.getCrypto().getChecksum().getMessage()).isEqualTo(expectedChecksum);
 assertThat(keyStoreData.getCrypto().getCipher().getMessage()).isEqualTo(encryptedCipherMessage);
 assertThat(keyStoreData.getVersion()).isEqualTo(KeyStoreData.KEYSTORE_VERSION);
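Review bot: In `KeyStore.encrypt`, the private and public key are now two adjacent `Bytes` parameters and the second is stored unencrypted via `new KeyStoreData(crypto, blsPublicKey, path)`, so a call site that transposes them would write the private key in clear into the keystore and encrypt the public key instead; neither the compiler nor `checkNotNull` catches that. With the derivation removed, nothing in this method binds the stored public key to the secret, so a mismatched pair also passes silently. A cheap guard beside the null checks would be a size check, for example `checkArgument(blsPublicKey.size() == 48, "PublicKey must be 48 bytes (compressed)");` (assuming Guava's `checkArgument` is available in this file and callers always pass the compressed form), and code that decrypts a keystore should re-derive the public key and compare it with the stored one. This covers both the signature hunk and the `return new KeyStoreData(...)` hunk; part of the method body lies between them and is not visible.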
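Review bot: The updated call in `encryptWithKdfAndCipherFunction` passes `BLS_PUB_KEY`, but the assertions after it still cover only the checksum, the cipher message and the version, so nothing verifies that the supplied public key ends up in the returned `KeyStoreData`. Since `encrypt` no longer derives the value itself, I would add one assertion comparing the stored public key with `BLS_PUB_KEY`, and a case expecting a `NullPointerException` for a null public key to exercise the new `checkNotNull`. The same call-site change is made in `encryptSaveAndReloadKeyStore`; both test methods continue outside their hunks.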
@@ -207,7 +207,7 @@ void encryptUsingPBKDF2AndSaveKeyStore(@TempDir final Path tempDir) throws IOExc
 private void encryptSaveAndReloadKeyStore(final Path tempDir, final KdfParam kdfParam)
 throws IOException {
 final KeyStoreData keyStoreData =
- KeyStore.encrypt(BLS_PRIVATE_KEY, PASSWORD, "", kdfParam, CIPHER);
+ KeyStore.encrypt(BLS_PRIVATE_KEY, BLS_PUB_KEY, PASSWORD, "", kdfParam, CIPHER);
 final Path tempKeyStoreFile = Files.createTempFile(tempDir, "keystore", ".json");
 assertThatCode(() -> KeyStoreLoader.saveToFile(tempKeyStoreFile, keyStoreData))
 .doesNotThrowAnyException();
diff --git a/build.gradle b/build.gradle
index 1ca93d35..b565d440 100644
--- a/build.gradle
+++ b/build.gradle
@@ -180,6 +180,15 @@ allprojects {
 check('InsecureCryptoUsage', CheckSeverity.WARN)
 check('WildcardImport', CheckSeverity.WARN)
+
+ // This check is broken in Java 12. See https://github.com/google/error-prone/issues/1257
+ if (JavaVersion.current() == JavaVersion.VERSION_12) {
+ check('Finally', net.ltgt.gradle.errorprone.CheckSeverity.OFF)
+ }
+ // This check is broken after Java 12. See https://github.com/google/error-prone/issues/1352
+ if (JavaVersion.current() > JavaVersion.VERSION_12) {
+ check('TypeParameterUnusedInFormals', net.ltgt.gradle.errorprone.CheckSeverity.OFF)
+ }
 }
 options.encoding = 'UTF-8'
diff --git a/gradle.properties b/gradle.properties
index 1a786e6c..a1d0fea1 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,2 +1,2 @@
 org.gradle.jvmargs=-Xmx1g
-version=0.0.1-SNAPSHOT
+version=0.0.2-SNAPSHOT
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
index 6ae7fe5b..93a3da92 100644
--- a/gradle/versions.gradle
+++ b/gradle/versions.gradle
@@ -58,7 +58,5 @@ dependencyManagement {
 dependency 'org.mockito:mockito-core:3.2.4'
 dependency 'org.mockito:mockito-inline:3.2.4'
 dependency 'org.mockito:mockito-junit-jupiter:3.2.4'
-
- dependency 'tech.pegasys.teku.internal:bls:0.8.2-SNAPSHOT'
 }
 }
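Review bot: The second new condition in the root `build.gradle` hunk, `JavaVersion.current() > JavaVersion.VERSION_12`, has no upper bound and no removal marker, so `TypeParameterUnusedInFormals` stays off on every later JDK even after the linked Error Prone issue is fixed. Which static-analysis checks run now depends on the JDK that runs the build. I would add a comment such as `// TODO: drop once Error Prone is upgraded past the fix for issue 1352` and keep the gating build on a JDK where both checks are active. As a style point, both new lines spell out `net.ltgt.gradle.errorprone.CheckSeverity.OFF` while the lines directly above use the short `CheckSeverity.WARN`; the short form should resolve here as well. The enclosing block starts outside this hunk.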